Stephen Frost <sfrost@snowman.net> writes:
> * Petr Jelinek (petr@2ndquadrant.com) wrote:
>> Yeah it will, mainly because extensions can load modules and can
>> have untrusted functions, we might want to limit which extensions
>> are possible to create without being superuser.
> The extension has to be available on the filesystem before it can be
> created, of course. I'm not against providing some kind of whitelist or
> similar which a superuser could control.. That's similar to how PLs
> work wrt pltemplate, no?
The existing behavior is "you can create an extension if you can execute
all the commands contained in its script". I'm not sure that messing
with that rule is a good idea; in any case it seems well out of scope
for this patch.
regards, tom lane